hardening FreeBSD, already using GBDE
ivoras at freebsd.org
Thu Jan 21 15:51:55 UTC 2010
On 01/21/10 16:32, Henry Olyer wrote:
> For example, the editor I use normally writes to /tmp -- I changed that,
> making it slower, but in the event that someone takes my laptop I want to
> sleep at night.
If you use a swap-backed memory drive (see
http://man.freebsd.org/mdconfig) for /tmp and use geli to encrypt the
swap, there would be no chance of recovery of your temporary files.
> I've no problem letting some poor person make a windoz machine out of my
> laptop -- but I don't want to share my work, my intellectual property. (I
> do research.)
> So, I'm looking for a list of changes to make, hacks really, that will
> further tighten up security.
You did not specify anything really exact. You already encrypt your
on-disk data. Do you always use encrypted network protocols like ssh and
https? Strong passwords? Adequate physical security? Up-to-date software?
More information about the freebsd-questions